Merge branch 'master' into 'release/1.3.2'

point noVNC to tip of 1.2.2 release

See merge request kasm-technologies/internal/KasmVNC!143

.gitlab-ci.yml

@@ -371,6 +371,25 @@ build_kali_rolling_arm:
     paths:
       - output/
 
+build_centos7:
+  stage: build
+  allow_failure: true
+  tags:
+    - oci-fixed-amd
+  before_script:
+    - *prepare_build
+    - *prepare_www
+  after_script:
+    - *prepare_artfacts
+  script:
+    - bash builder/build-package centos core
+  only:
+    variables:
+      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
+  artifacts:
+    paths:
+      - output/
+
 build_oracle_8:
   stage: build
   allow_failure: true
@@ -637,44 +656,6 @@ build_fedora_forty_arm:
     paths:
       - output/
 
-build_fedora_fortyone:
-  stage: build
-  allow_failure: true
-  tags:
-    - oci-fixed-amd
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package fedora fortyone;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-    
-build_fedora_fortyone_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - oci-fixed-arm
-  before_script: 
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script: 
-    - bash builder/build-package fedora fortyone;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
 build_alpine_317:
   stage: build
   allow_failure: true
@@ -837,44 +818,6 @@ build_alpine_320_arm:
     paths:
       - output/
 
-build_alpine_321:
-  stage: build
-  allow_failure: true
-  tags:
-    - oci-fixed-amd
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package alpine 321;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
-build_alpine_321_arm:
-  stage: build
-  allow_failure: true
-  tags:
-    - oci-fixed-arm
-  before_script:
-    - *prepare_build
-    - *prepare_www
-  after_script:
-    - *prepare_artfacts
-  script:
-    - bash builder/build-package alpine 321;
-  only:
-    variables:
-      - $BUILD_JOBS == 'all' || $BUILD_JOBS =~ $CI_JOB_NAME
-  artifacts:
-    paths:
-      - output/
-
 upload:
   stage: upload
   image: ubuntu:focal

builder/build.sh

@@ -46,11 +46,7 @@ EOF
 cd /tmp
 # default to the version of x in Ubuntu 18.04, otherwise caller will need to specify
 XORG_VER=${XORG_VER:-"1.19.6"}
-if [[ "${XORG_VER}" == 21* ]]; then
-  XORG_PATCH=21
-else
-  XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
-fi
+XORG_PATCH=$(echo "$XORG_VER" | grep -Po '^\d.\d+' | sed 's#\.##')
 wget --no-check-certificate https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz
 
 #git clone https://kasmweb@bitbucket.org/kasmtech/kasmvnc.git

builder/dockerfile.alpine_317.build

@@ -2,7 +2,7 @@ FROM alpine:3.17
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 317
-ENV XORG_VER 21.1.8
+ENV XORG_VER 1.20.14
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_318.build

@@ -2,7 +2,7 @@ FROM alpine:3.18
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 318
-ENV XORG_VER 21.1.10
+ENV XORG_VER 1.20.14
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_319.build

@@ -2,7 +2,7 @@ FROM alpine:3.19
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 319
-ENV XORG_VER 21.1.12
+ENV XORG_VER 1.20.14
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_320.build

@@ -2,7 +2,7 @@ FROM alpine:3.20
 
 ENV KASMVNC_BUILD_OS alpine
 ENV KASMVNC_BUILD_OS_CODENAME 320
-ENV XORG_VER 21.1.14
+ENV XORG_VER 1.20.14
 
 RUN \
   echo "**** install build deps ****" && \

builder/dockerfile.alpine_321.apk.build

@@ -1,7 +0,0 @@
-FROM alpine:3.21
-
-RUN apk add shadow bash
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-USER docker

builder/dockerfile.alpine_321.build

@@ -1,82 +0,0 @@
-FROM alpine:3.21
-
-ENV KASMVNC_BUILD_OS alpine
-ENV KASMVNC_BUILD_OS_CODENAME 321
-ENV XORG_VER 21.1.14
-
-RUN \
-  echo "**** install build deps ****" && \
-  apk add \
-    alpine-release \
-    alpine-sdk \
-    autoconf \
-    automake \
-    bash \
-    ca-certificates \
-    cmake \
-    coreutils \
-    curl \
-    eudev-dev \
-    font-cursor-misc \
-    font-misc-misc \
-    font-util-dev \
-    git \
-    grep \
-    jq \
-    libdrm-dev \
-    libepoxy-dev \
-    libjpeg-turbo-dev \
-    libjpeg-turbo-static \
-    libpciaccess-dev \
-    libtool \
-    libwebp-dev \
-    libx11-dev \
-    libxau-dev \
-    libxcb-dev \
-    libxcursor-dev \
-    libxcvt-dev \
-    libxdmcp-dev \
-    libxext-dev \
-    libxfont2-dev \
-    libxkbfile-dev \
-    libxrandr-dev \
-    libxshmfence-dev \
-    libxtst-dev \
-    mesa-dev \
-    mesa-dri-gallium \
-    meson \
-    nettle-dev \
-    openssl-dev \
-    pixman-dev \
-    procps \
-    shadow \
-    tar \
-    tzdata \
-    wayland-dev \
-    wayland-protocols \
-    xcb-util-dev \
-    xcb-util-image-dev \
-    xcb-util-keysyms-dev \
-    xcb-util-renderutil-dev \
-    xcb-util-wm-dev \
-    xinit \
-    xkbcomp \
-    xkbcomp-dev \
-    xkeyboard-config \
-    xorgproto \
-    xorg-server-common \
-    xorg-server-dev \
-    xtrans
-
-
-ENV SCRIPTS_DIR=/tmp/scripts
-COPY builder/scripts $SCRIPTS_DIR
-RUN $SCRIPTS_DIR/build-webp
-RUN $SCRIPTS_DIR/build-libjpeg-turbo
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-COPY --chown=docker:docker . /src/
-
-USER docker
-ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.debian_bookworm.build

@@ -2,7 +2,7 @@ FROM debian:bookworm-slim
 
 ENV KASMVNC_BUILD_OS debian
 ENV KASMVNC_BUILD_OS_CODENAME bookworm
-ENV XORG_VER 21.1.7
+ENV XORG_VER 1.20.10
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN \

builder/dockerfile.fedora_fortyone.build

@@ -1,87 +0,0 @@
-FROM fedora:41
-
-ENV KASMVNC_BUILD_OS fedora
-ENV KASMVNC_BUILD_OS_CODENAME fortyone
-ENV XORG_VER 21.1.15
-
-RUN \
-  echo "**** install build deps ****" && \
-  dnf group install -y \
-    c-development \
-    development-tools \
-    development-libs && \
-  dnf install -y \
-    autoconf \
-    automake \
-    bison \
-    byacc \
-    bzip2 \
-    cmake \
-    diffutils \
-    doxygen \
-    file \
-    flex \
-    fop \
-    gcc \
-    gcc-c++ \
-    git \
-    glibc-devel \
-    libdrm-devel \
-    libepoxy-devel \
-    libmd-devel \
-    libpciaccess-devel \
-    libtool \
-    libwebp-devel \
-    libX11-devel \
-    libXau-devel \
-    libxcb-devel \
-    libXcursor-devel \
-    libxcvt-devel \
-    libXdmcp-devel \
-    libXext-devel \
-    libXfont2-devel \
-    libxkbfile-devel \
-    libXrandr-devel \
-    libxshmfence-devel \
-    libXtst-devel \
-    mesa-libEGL-devel \
-    mesa-libgbm-devel \
-    mesa-libGL-devel \
-    meson \
-    mingw64-binutils \
-    mt-st \
-    nettle-devel \
-    openssl-devel \
-    patch \
-    pixman-devel \
-    wayland-devel \
-    wget \
-    which \
-    xcb-util-devel \
-    xcb-util-image-devel \
-    xcb-util-keysyms-devel \
-    xcb-util-renderutil-devel \
-    xcb-util-wm-devel \
-    xinit \
-    xkbcomp \
-    xkbcomp-devel \
-    xkeyboard-config \
-    xmlto \
-    xorg-x11-font-utils \
-    xorg-x11-proto-devel \
-    xorg-x11-server-common \
-    xorg-x11-server-devel \
-    xorg-x11-xtrans-devel \
-    xsltproc
-
-ENV SCRIPTS_DIR=/tmp/scripts
-COPY builder/scripts $SCRIPTS_DIR
-RUN $SCRIPTS_DIR/build-webp
-RUN $SCRIPTS_DIR/build-libjpeg-turbo
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-COPY --chown=docker:docker . /src/
-
-USER docker
-ENTRYPOINT ["/src/builder/build.sh"]

builder/dockerfile.fedora_fortyone.rpm.build

@@ -1,13 +0,0 @@
-FROM fedora:41
-
-RUN dnf install -y fedora-packager fedora-review
-RUN dnf install -y tree vim less
-RUN dnf install -y redhat-lsb-core
-RUN dnf install -y dnf-plugins-core
-
-COPY fedora/*.spec /tmp
-RUN dnf builddep -y /tmp/*.spec
-
-RUN useradd -m docker && echo "docker:docker" | chpasswd
-
-USER docker

builder/dockerfile.kali_kali-rolling.build

@@ -2,8 +2,10 @@ FROM kalilinux/kali-rolling:latest
 
 ENV KASMVNC_BUILD_OS kali
 ENV KASMVNC_BUILD_OS_CODENAME kali-rolling
-ENV XORG_VER 21.1.14
+ENV XORG_VER 1.20.10
 ENV DEBIAN_FRONTEND noninteractive
+ENV CC=gcc-11
+ENV CXX=g++-11
 
 RUN grep '^deb'  /etc/apt/sources.list | sed 's#^deb#deb-src#' >> /etc/apt/sources.list
 
@@ -12,7 +14,7 @@ RUN apt-get update && \
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
 RUN apt-get update && apt-get -y build-dep xorg-server libxfont-dev
-RUN apt-get update && apt-get -y install gcc g++ curl
+RUN apt-get update && apt-get -y install gcc-11 g++-11 curl
 RUN apt-get update && apt-get -y install cmake git libgnutls28-dev vim wget tightvncserver
 RUN apt-get update && apt-get -y install libpng-dev libtiff-dev libgif-dev libavcodec-dev libssl-dev libxrandr-dev libxcursor-dev
 

builder/dockerfile.oracle_8.build

@@ -2,7 +2,7 @@ FROM oraclelinux:8
 
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 8
-ENV XORG_VER 1.20.11
+ENV XORG_VER 1.20.10
 
 # Install from stock repos
 RUN \

builder/dockerfile.oracle_9.build

@@ -2,7 +2,7 @@ FROM oraclelinux:9
 
 ENV KASMVNC_BUILD_OS oracle
 ENV KASMVNC_BUILD_OS_CODENAME 9
-ENV XORG_VER 1.20.11
+ENV XORG_VER 1.20.10
 
 # Install from stock repos
 RUN \

builder/dockerfile.ubuntu_jammy.build

@@ -2,7 +2,7 @@ FROM ubuntu:jammy
 
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME jammy
-ENV XORG_VER 21.1.3
+ENV XORG_VER 1.20.8
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN sed -i 's$# deb-src$deb-src$' /etc/apt/sources.list

builder/dockerfile.ubuntu_noble.build

@@ -2,7 +2,7 @@ FROM ubuntu:noble
 
 ENV KASMVNC_BUILD_OS ubuntu
 ENV KASMVNC_BUILD_OS_CODENAME noble
-ENV XORG_VER 21.1.12
+ENV XORG_VER 1.20.8
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN sed -i 's$Types: deb$Types: deb deb-src$' /etc/apt/sources.list.d/ubuntu.sources

centos/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,27 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
-- Allow disabling IP blacklist
-- Downloads API for detailed file downloads information
-* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
-- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-- Fixed memory leak in kasmproxy.
-- Fixed mime types of downloads to ensure the browser interprets them as downloads.
-* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
-- Fix exception thrown on Firefox 124 and higher
-- Fix artifacts on high resolution secondary screens
-- Fixes for touch support on primary and secondary screens
-- Fix for Oculus keyboard input
-* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
-- Multi-monitor support.
-- Increased performance with watermark enabled.
-- Added support for Fedora 39 and Alpine 319.
-- Allow special characters in usernames.
-- Better logging of client settings when client connects or changes settings.
-- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

common/network/websocket.c

@@ -27,9 +27,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <fcntl.h>  // daemonizing
-#include <pwd.h>
-#include <grp.h>
-#include <wordexp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/bio.h> /* base64 encode/decode */
@@ -927,7 +924,7 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
 
     // in case they percent-encoded dots
     if (strstr(buf, "../")) {
-        handler_msg("Attempted dir traversal attack, rejecting\n");
+        handler_msg("Attempted dir traversal attack, rejecting\n", len);
         goto nope;
     }
 
@@ -1639,103 +1636,6 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in, const char * const use
         ws_send(ws_ctx, buf, strlen(buf));
         weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, strlen(buf));
 
-        ret = 1;
-    } else entry("/api/downloads") {
-        char subpath[PATH_MAX] = "", startpath[PATH_MAX] = "~/Downloads", allpath[PATH_MAX];
-        param = parse_get(args, "path", &len);
-        if (len) {
-            memcpy(buf, param, len);
-            buf[len] = '\0';
-            percent_decode(buf, subpath, 0);
-
-            if (strstr(subpath, "../")) {
-                handler_msg("Attempted directory traversal in /api/downloads\n");
-                goto nope;
-            }
-        }
-
-        wordexp_t wexp;
-        if (!wordexp(startpath, &wexp, WRDE_NOCMD))
-            strcpy(startpath, wexp.we_wordv[0]);
-        else
-            goto nope;
-        wordfree(&wexp);
-
-        snprintf(allpath, PATH_MAX, "%s/%s", startpath, subpath);
-        allpath[PATH_MAX - 1] = '\0';
-
-        DIR *dir = opendir(allpath);
-        if (!dir) {
-            handler_msg("Requested dir does not exist\n");
-            goto nope;
-        }
-
-        sprintf(buf, "HTTP/1.1 200 OK\r\n"
-                 "Server: KasmVNC/4.0\r\n"
-                 "Connection: close\r\n"
-                 "Content-type: text/json\r\n"
-                 "%s"
-                 "\r\n", extra_headers ? extra_headers : "");
-        ws_send(ws_ctx, buf, strlen(buf));
-        len = 15;
-
-        ws_send(ws_ctx, "{ \"files\": [\n", 13);
-
-        struct dirent *ent;
-        unsigned char sent = 0;
-        while ((ent = readdir(dir))) {
-            if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
-                continue;
-
-            sprintf(path, "%s/%s", allpath, ent->d_name);
-            struct stat st;
-            if (lstat(path, &st))
-                continue;
-
-            char own[LOGIN_NAME_MAX], grp[LOGIN_NAME_MAX], perms[32];
-            sprintf(perms, "%03o", st.st_mode & 0777);
-
-            struct passwd pwdt, *pwdptr;
-            if (getpwuid_r(st.st_uid, &pwdt, buf, sizeof(buf), &pwdptr)) {
-                sprintf(own, "(unknown uid %u)", st.st_uid);
-            } else {
-                strcpy(own, pwdt.pw_name);
-            }
-
-            struct group grpt, *grpptr;
-            if (getgrgid_r(st.st_gid, &grpt, buf, sizeof(buf), &grpptr)) {
-                sprintf(grp, "(unknown gid %u)", st.st_gid);
-            } else {
-                strcpy(grp, grpt.gr_name);
-            }
-
-            sprintf(buf, "%s{ \"filename\": \"%s\", "
-                         "\"date_modified\": %lu, "
-                         "\"date_created\": %lu, "
-                         "\"is_dir\": %s, "
-                         "\"size\": %lu, "
-                         "\"owner\": \"%s\", "
-                         "\"group\": \"%s\", "
-                         "\"perms\": \"%s\" }",
-                         sent ? ",\n" : "",
-                         ent->d_name,
-                         st.st_mtime,
-                         st.st_ctime,
-                         S_ISDIR(st.st_mode) ? "true" : "false",
-                         S_ISDIR(st.st_mode) ? 0 : st.st_size,
-                         own,
-                         grp,
-                         perms);
-            sent = 1;
-            ws_send(ws_ctx, buf, strlen(buf));
-            len += strlen(buf);
-        }
-
-        ws_send(ws_ctx, "]}", 2);
-
-        closedir(dir);
-        weblog(200, wsthread_handler_id, 0, origip, ip, user, 1, origpath, len);
-
         ret = 1;
     }
 

common/rfb/Blacklist.cxx

@@ -42,9 +42,6 @@ Blacklist::~Blacklist() {
 }
 
 bool Blacklist::isBlackmarked(const char* name) {
-  if (!threshold)
-    return false;
-
   BlacklistMap::iterator i = blm.find(name);
   if (i == blm.end()) {
     // Entry is not already black-marked.

debian/changelog

@@ -1,40 +1,3 @@
-kasmvnc (1.3.3-1) unstable; urgency=medium
-
-  * Allow disabling IP blacklist
-  * Downloads API for detailed file downloads information
-
- -- Kasm Technologies LLC <info@kasmweb.com>  Fri, 25 Oct 2024 11:23:00 +0000
-
-kasmvnc (1.3.2-1) unstable; urgency=medium
-
-  * Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-  * Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-  * Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-  * Fixed memory leak in kasmproxy.
-  * Fixed mime types of downloads to ensure the browser interprets them as downloads.
-
- -- Kasm Technologies LLC <info@kasmweb.com>  Tue, 24 Sep 2024 11:23:00 +0000
-
-kasmvnc (1.3.1-1) unstable; urgency=medium
-
-  * Fix exception thrown on Firefox 124 and higher
-  * Fix artifacts on high resolution secondary screens
-  * Fixes for touch support on primary and secondary screens
-  * Fix for Oculus keyboard input
-
- -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 12 Mar 2024 11:23:00 +0000
-
-kasmvnc (1.3.0-1) unstable; urgency=medium
-
-  * Multi-monitor support.
-  * Increased performance with watermark enabled.
-  * Added support for Fedora 39 and Alpine 319.
-  * Allow special characters in usernames.
-  * Better logging of client settings when client connects or changes settings.
-  * Add support for rotation of text-based watermark.
-
- -- Kasm Technologies LLC <info@kasmweb.com>  Mon, 02 Feb 2024 14:33:00 +0000
-
 kasmvnc (1.2.0-1) unstable; urgency=medium
 
   * Add support for Unix relays for bidirectional communication between noVNC

fedora/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -83,27 +83,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
-- Allow disabling IP blacklist
-- Downloads API for detailed file downloads information
-* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
-- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-- Fixed memory leak in kasmproxy.
-- Fixed mime types of downloads to ensure the browser interprets them as downloads.
-* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
-- Fix exception thrown on Firefox 124 and higher
-- Fix artifacts on high resolution secondary screens
-- Fixes for touch support on primary and secondary screens
-- Fix for Oculus keyboard input
-* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
-- Multi-monitor support.
-- Increased performance with watermark enabled.
-- Added support for Fedora 39 and Alpine 319.
-- Allow special characters in usernames.
-- Better logging of client settings when client connects or changes settings.
-- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

opensuse/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        leap15
 Summary:        VNC server accessible from a web browser
 
@@ -81,27 +81,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
-- Allow disabling IP blacklist
-- Downloads API for detailed file downloads information
-* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
-- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-- Fixed memory leak in kasmproxy.
-- Fixed mime types of downloads to ensure the browser interprets them as downloads.
-* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
-- Fix exception thrown on Firefox 124 and higher
-- Fix artifacts on high resolution secondary screens
-- Fixes for touch support on primary and secondary screens
-- Fix for Oculus keyboard input
-* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
-- Multi-monitor support.
-- Increased performance with watermark enabled.
-- Added support for Fedora 39 and Alpine 319.
-- Allow special characters in usernames.
-- Better logging of client settings when client connects or changes settings.
-- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-leap15
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,27 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
-- Allow disabling IP blacklist
-- Downloads API for detailed file downloads information
-* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
-- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-- Fixed memory leak in kasmproxy.
-- Fixed mime types of downloads to ensure the browser interprets them as downloads.
-* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
-- Fix exception thrown on Firefox 124 and higher
-- Fix artifacts on high resolution secondary screens
-- Fixes for touch support on primary and secondary screens
-- Fix for Oculus keyboard input
-* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
-- Multi-monitor support.
-- Increased performance with watermark enabled.
-- Added support for Fedora 39 and Alpine 319.
-- Allow special characters in usernames.
-- Better logging of client settings when client connects or changes settings.
-- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

oracle/kasmvncserver9.spec

@@ -1,5 +1,5 @@
 Name:           kasmvncserver
-Version:        1.3.3
+Version:        1.2.0
 Release:        1%{?dist}
 Summary:        VNC server accessible from a web browser
 
@@ -82,27 +82,6 @@ cd $DST_MAN && ln -s vncpasswd.1 kasmvncpasswd.1;
 %doc /usr/share/doc/kasmvncserver/README.md
 
 %changelog
-* Fri Oct 25 2024 KasmTech <info@kasmweb.com> - 1.3.3-1
-- Allow disabling IP blacklist
-- Downloads API for detailed file downloads information
-* Tue Sep 24 2024 KasmTech <info@kasmweb.com> - 1.3.2-1
-- Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a Paste menu over the canvas.
-- Fixed CVE-2024-38449, directory traversal bug in built-in web server.
-- Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.
-- Fixed memory leak in kasmproxy.
-- Fixed mime types of downloads to ensure the browser interprets them as downloads.
-* Tue Mar 12 2024 KasmTech <info@kasmweb.com> - 1.3.1-1
-- Fix exception thrown on Firefox 124 and higher
-- Fix artifacts on high resolution secondary screens
-- Fixes for touch support on primary and secondary screens
-- Fix for Oculus keyboard input
-* Mon Feb 05 2024 KasmTech <info@kasmweb.com> - 1.3.0-1
-- Multi-monitor support.
-- Increased performance with watermark enabled.
-- Added support for Fedora 39 and Alpine 319.
-- Allow special characters in usernames.
-- Better logging of client settings when client connects or changes settings.
-- Add support for rotation of text-based watermark.
 * Fri Aug 25 2023 KasmTech <info@kasmweb.com> - 1.2.0-1
 - Add support for Unix relays for bidirectional communication between noVNC
   and containerized applications.

unix/xserver/hw/vnc/Xvnc.man

@@ -478,7 +478,7 @@ See the GnuTLS manual for possible values. Default is \fBNORMAL\fP.
 .TP
 .B \-BlacklistThreshold \fIcount\fP
 The number of unauthenticated connection attempts allowed from any individual
-host before that host is black-listed.  Default is 5. Set to 0 to disable.
+host before that host is black-listed.  Default is 5.
 .
 .TP
 .B \-BlacklistTimeout \fIseconds\fP

unix/xserver/hw/vnc/xorg-version.h

@@ -54,10 +54,8 @@
 #define XORG 119
 #elif XORG_VERSION_CURRENT < ((1 * 10000000) + (20 * 100000) + (99 * 1000))
 #define XORG 120
-#elif XORG_VERSION_CURRENT < ((1 * 10000000) + (21 * 100000) + (99 * 1000))
-#define XORG 121
 #else
-#error "X.Org newer than 21 is not supported"
+#error "X.Org newer than 1.20 is not supported"
 #endif
 
 #endif

unix/xserver/hw/vnc/xvnc.c

@@ -94,8 +94,9 @@ from the X Consortium.
 #undef VENDOR_RELEASE
 #undef VENDOR_STRING
 #include "version-config.h"
+#include "site.h"
 
-#define XVNCVERSION "KasmVNC 1.3.3"
+#define XVNCVERSION "KasmVNC 1.2.0"
 #define XVNCCOPYRIGHT ("Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)\n" \
                        "See http://kasmweb.com for information on KasmVNC.\n")
 
@@ -163,7 +164,7 @@ const char *driNode = NULL;
 static Bool displaySpecified = FALSE;
 static char displayNumStr[16];
 
-static int vncVerbose = 0;
+static int vncVerbose = DEFAULT_LOG_VERBOSITY;
 
 int unixrelays[MAX_UNIX_RELAYS];
 char unixrelaynames[MAX_UNIX_RELAYS][MAX_UNIX_RELAY_NAME_LEN];
@@ -282,13 +283,8 @@ vncPrintBanner(void)
     ErrorF("\nXvnc %s%s - built %s\n%s", XVNCVERSION,
            sizeof(XVNCEXTRAVERSION) > 2 ? XVNCEXTRAVERSION : "",
            buildtime, XVNCCOPYRIGHT);
-    // VENDOR_STRING was removed in 21
-    #ifdef VENDOR_STRING
     ErrorF("Underlying X server release %d, %s\n\n", VENDOR_RELEASE,
            VENDOR_STRING);
-    #else
-    ErrorF("Underlying X server release %d\n\n", VENDOR_RELEASE);
-    #endif
 }
 
 static void

unix/xserver21.patch

@@ -1,115 +0,0 @@
-diff -urpN xorg-server-1.20.0/configure.ac xorg-server-1.20.0/configure.ac
---- xorg-server-1.20.0/configure.ac	2018-05-10 09:32:34.000000000 -0700
-+++ xorg-server-1.20.0/configure.ac	2018-06-13 19:04:47.536413626 -0700
-@@ -74,6 +74,7 @@ dnl forcing an entire recompile.x
- AC_CONFIG_HEADERS(include/version-config.h)
- 
- AM_PROG_AS
-+AC_PROG_CXX
- AC_PROG_LN_S
- LT_PREREQ([2.2])
- LT_INIT([disable-static win32-dll])
-@@ -1777,6 +1778,10 @@ if test "x$XVFB" = xyes; then
- 	AC_SUBST([XVFB_SYS_LIBS])
- fi
- 
-+dnl Xvnc DDX
-+AC_SUBST([XVNC_CPPFLAGS], ["-DHAVE_DIX_CONFIG_H $XSERVER_CFLAGS"])
-+AC_SUBST([XVNC_LIBS], ["$FB_LIB $FIXES_LIB $XEXT_LIB $CONFIG_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $DRI3_LIB $PRESENT_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB"])
-+AC_SUBST([XVNC_SYS_LIBS], ["$GLX_SYS_LIBS"])
- 
- dnl Xnest DDX
- 
-@@ -1812,6 +1817,8 @@ if test "x$XORG" = xauto; then
- fi
- AC_MSG_RESULT([$XORG])
- 
-+AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
-+
- if test "x$XORG" = xyes; then
- 	XORG_DDXINCS='-I$(top_srcdir)/hw/xfree86 -I$(top_srcdir)/hw/xfree86/include -I$(top_srcdir)/hw/xfree86/common'
- 	XORG_OSINCS='-I$(top_srcdir)/hw/xfree86/os-support -I$(top_srcdir)/hw/xfree86/os-support/bus -I$(top_srcdir)/os'
-@@ -2029,7 +2036,6 @@ if test "x$XORG" = xyes; then
- 	AC_DEFINE(XORG_SERVER, 1, [Building Xorg server])
- 	AC_DEFINE(XORGSERVER, 1, [Building Xorg server])
- 	AC_DEFINE(XFree86Server, 1, [Building XFree86 server])
--	AC_DEFINE_UNQUOTED(XORG_VERSION_CURRENT, [$VENDOR_RELEASE], [Current Xorg version])
- 	AC_DEFINE(NEED_XF86_TYPES, 1, [Need XFree86 typedefs])
- 	AC_DEFINE(NEED_XF86_PROTOTYPES, 1, [Need XFree86 helper functions])
- 	AC_DEFINE(__XSERVERNAME__, "Xorg", [Name of X server])
-@@ -2565,6 +2571,7 @@ hw/dmx/Makefile
- hw/dmx/man/Makefile
- hw/vfb/Makefile
- hw/vfb/man/Makefile
-+hw/vnc/Makefile
- hw/xnest/Makefile
- hw/xnest/man/Makefile
- hw/xwin/Makefile
-diff -urpN xorg-server-1.20.0/hw/Makefile.am xorg-server-1.20.0/hw/Makefile.am
---- xorg-server-1.20.0/hw/Makefile.am	2018-05-10 09:32:34.000000000 -0700
-+++ xorg-server-1.20.0/hw/Makefile.am	2018-06-13 19:04:47.536413626 -0700
-@@ -44,3 +44,5 @@
- 
- relink:
- 	$(AM_V_at)for i in $(SUBDIRS) ; do $(MAKE) -C $$i relink || exit 1 ; done
-+
-+SUBDIRS += vnc
-diff -urpN xorg-server-1.20.0/mi/miinitext.c xorg-server-1.20.0/mi/miinitext.c
---- xorg-server-1.20.0/mi/miinitext.c	2018-05-10 09:32:37.000000000 -0700
-+++ xorg-server-1.20.0/mi/miinitext.c	2018-06-13 19:05:14.742200675 -0700
-@@ -107,8 +107,15 @@ SOFTWARE.
- #include "os.h"
- #include "globals.h"
- 
-+#ifdef KASMVNC
-+extern void vncExtensionInit(void);
-+#endif
-+
- /* List of built-in (statically linked) extensions */
- static const ExtensionModule staticExtensions[] = {
-+#ifdef KASMVNC
-+    {vncExtensionInit, "VNC-EXTENSION", NULL},
-+#endif
-     {GEExtensionInit, "Generic Event Extension", &noGEExtension},
-     {ShapeExtensionInit, "SHAPE", NULL},
- #ifdef MITSHM
---- xserver.orig/present/present.c	2019-02-26 21:28:50.000000000 +0200
-+++ xserver/present/present.c	2023-01-20 11:32:27.175493594 +0200
-@@ -27,6 +27,8 @@
- #include "present_priv.h"
- #include <gcstruct.h>
- 
-+void xvnc_sync_dri3_pixmap(PixmapPtr pixmap);
-+
- /*
-  * Returns:
-  * TRUE if the first MSC value is equal to or after the second one
-@@ -79,6 +81,8 @@
-     ScreenPtr   screen = drawable->pScreen;
-     GCPtr       gc;
- 
-+    xvnc_sync_dri3_pixmap(pixmap);
-+
-     gc = GetScratchGC(drawable->depth, screen);
-     if (update) {
-         ChangeGCVal     changes[2];
---- xserver.orig/damageext/damageext.c	2019-02-26 21:28:50.000000000 +0200
-+++ xserver/damageext/damageext.c	2023-03-21 12:52:58.411647186 +0200
-@@ -87,6 +87,8 @@
-     *h = draw->height;
- }
- 
-+void xvnc_sync_dri3_textures(void);
-+
- static void
- DamageExtNotify(DamageExtPtr pDamageExt, BoxPtr pBoxes, int nBoxes)
- {
-@@ -97,6 +99,8 @@
- 
-     damageGetGeometry(pDrawable, &x, &y, &w, &h);
- 
-+    xvnc_sync_dri3_textures();
-+
-     UpdateCurrentTimeIf();
-     ev = (xDamageNotifyEvent) {
-         .type = DamageEventBase + XDamageNotify,